Exercise: Automating Deployments using AWS CloudFormation

Natasha Ong
This is some text inside of a div block.
4 min read

Traditional infrastructure setup involves a lot of manual work. You have to set up each part one by one, and that takes time and can lead to mistakes.

AWS CloudFormation makes this much easier. It lets you create a template for all the resources you need to create, and then it sets them up for you. You can also keep track of what you've done (version control) and easily make changes if needed. This way, you always have a clear and consistent way to set up your infrastructure. Overall, CloudFormation provides a more efficient, reliable, and scalable approach to infrastructure deployment.

Exercise Overview:

In this hands-on exercise, you will:

  • Experience deploying a CloudFormation template*
  • Define a set of AWS resources with the template
  • Deploy the template to create a stack**
  • Update and manage the stack using the AWS Management Console

Key concepts:

*CloudFormation template: This is a JSON or YAML formatted document that defines which AWS resources you want to provision and configure. It acts as a blueprint, specifying resource types, properties, and their relationships.
**CloudFormation stack: When you deploy the CloudFormation template, the group of resources that gets created together is called a stack. It's like bringing your blueprint to life – all those resources are created and managed as one unit.


By the end of this hands-on exercise, you should be able to do the following.

  • Deploy an AWS CloudFormation stack with a defined Virtual Private Cloud (VPC), and Security Group.
  • Configure an AWS CloudFormation stack with resources, such as an S3 bucket and EC2 instance.
  • Terminate an AWS CloudFormation and its respective resources.

Task 0: Accessing the AWS Management Console

  1. Sign in to your IAM user and access your AWS Management Console.
  2. Select your preferred region for doing this exercise. We recommend picking the region that's closest to you.

Task 1: Deploy a CloudFormation stack

In this task, you will begin by deploying a CloudFormation stack that creates a VPC as shown in this diagram:

  1. Download the CloudFormation template: click here! The download should begin automatically.
  • What's inside this file? Inside this file is the CloudFormation template we're using. This template is a script that sets up a VPC with public internet access, a subnet, and a security group to allow web traffic.
  1. Open this file in a Text Editor such as Notepad, TextEdit, Notepad++ and other text editor. To do this, find the file in your Downloads folder, right-click on the file, and hover over 'Open With'. A text editor option should be available in the list!
  • Look through the file. You will notice several sections:
  • The Parameters section is used to prompt for information that will be reused across the template. The template is asking for two IP address (CIDR) ranges for defining the VPC.
  • The Resources section is used to define the resources CloudFormation is going to create. The template is defining the VPC, and a Security Group.
  • The Outputs section is used to provide selective details about resources in the stack. The template is providing the Default Security Group for the VPC that is created.
The template is written in a format called YAML, which is commonly used for configuration files. The format of the file is important, including the indents and hyphens. CloudFormation templates can also be written in JSON.

You will now use this template to launch a CloudFormation stack.

  1. In the AWS Management Console, on the Services menu, search for CloudFormation.and click it.
  2. Click Create stack.
  • In this section Prerequisite - Prepare template provides options for preparing a template. You have three choices:
  • Template is ready: If they already have a prepared template. In this exercise, you will choose Template is ready since you've downloaded the file from the previous step.
  • Use a sample template: To use a provided AWS template.
  • Create template in Designer: To visually design a new template.

Nice! Now AWS knows you're using an existing template. But AWS doesn't know what this existing template looks like. That why it asks you to specify the format of your template in Specify template. You two options to provide the template under Template source:

  1. Amazon S3 URL: This option lets users provide a URL if their template is stored on Amazon S3.
  2. Upload a template file: Here, users can upload a file directly from their device.

3. Choose Upload a template file. Click Browse or Choose file and upload the template file you downloaded earlier.

After the file is uploaded, CloudFormation generates and displays an Amazon S3 URL. This URL indicates where the uploaded template is stored, and it's hosted in the ap-southeast-2 AWS region.

  1. Click Next.
  2. On the Specify Details page, configure:
  3. Stack name: Lab-VPCStack
  4. In the Parameters section, you will see that CloudFormation is prompting for the IP address ('CIDR') range for the VPC and Subnet. No need to edit this - our template already decided on a default value (under Parameters).
  5. Click Next.
  • The Options page can be used to specify additional parameters. You can browse the page, but leave settings at their default values.

6. Click Next.

  • The Review page displays a summary of all settings. Some of the resources are defined with custom names, which can lead to naming conflicts. CloudFormation might give you a little banner that says custom names are being used to remind you about this.

7. Click Submit.

  • The stack will now enter the CREATE_IN_PROGRESS status. Oooooooo! 😗

8. Click the Events tab and scroll through the listing.

  • The listing shows (in reverse order) the activities performed by CloudFormation, such as starting to create a resource and then completing the resource creation. Any errors during stack creation will be listed in this tab.

9. Click the Resources tab.

  • The listing shows the resources that are being created. CloudFormation determines the optimal ideas for resources to be created, e.g. creating the VPC before the subnet.

10. Wait until the status changes to CREATE_COMPLETE. You can click Refresh icon occasionally to update the display.

Optional: Navigate to the VPC console in a new browser tab to see Lab VPC was created. That's CloudFormation at work! Then, return to the CloudFormation console.

Task 2: Add an Amazon S3 bucket to the stack

In this task, you will edit a CloudFormation template.

Your objective is to:

  • Add an Amazon S3 bucket to the template
  • Then update the stack with the revised template

This will result in a new bucket being deployed.

Instead of following set instructions, you'll have to figure out how to modify the template on your own!

If you feel stuck, here are some tips:

  • You should edit the Task1.yaml file you downloaded earlier to include an Amazon S3 bucket.
  • The correct solution only needs two lines — one for the identifier and one for the type.
  • Your code should go under the Resources header in the template file. You do not need to edit any Properties for this bucket resource
  • Indents are important in YAML — use two spaces for each indent.
  • Use this documentation page for assistance: Amazon S3 Template Snippets.

Once you have edited the template, continue with the following steps to update the stack.

  1. In the CloudFormation console, select Lab-VPCStack. Click Update.

2. Choose Replace current template, then choose Upload a template file. Click Choose file, then browse to and select the Task1.yaml file that you modified.

3. Click Next.

  • Note: If you receive an error message here, it's probably something to do with the code you've added. Ask the NextWork community about what you see!

4. On the Specify stack details page, click Next.

5. On the Configure stack options page, click Next.

  • Wait for CloudFormation to calculate the changes. You should see something similar to this at the bottom of the page:
  • This means CloudFormation will Add an Amazon S3 bucket. All other resources defined in the template will be unchanged. Woohoo! Your existing resources do not need to be redeployed - how easy and simple. 😮‍💨

6. Click Submit.

  • After a minute, the stack status will change from UPDATE_IN_PROGRESS to UPDATE_COMPLETE.

8. Click the Resources tab.

  • The bucket will now be displayed in the list of resources. CloudFormation will have assigned it a random name so that it doesn't conflict with any existing bucket names.

Task 3: Add an Amazon EC2 instance to the stack

In this task, your objective is to add an Amazon EC2 instance to the template, then update the stack with the revised template.

While creating an S3 bucket is pretty straightforward (only taking two lines), setting up an Amazon EC2 instance is a bit trickier. This is because the EC2 instance requires other related items like an AMI, a security group, and a subnet.

First, you will add a special parameter that is used to provide a value for the Amazon Machine Image (AMI).

  1. Update the template by adding these lines in the Parameters section:

  • This parameter fetches the Amazon Linux 2023 AMI.
  • When writing CloudFormation templates, you can refer to other resources in the template by using the !Ref keyword. Let's take a cheeky look back at the Task1.yaml template that defines a VPC, then references the VPC within the Route Table definition using !Ref:

  • You will use this technique when defining the EC2 instance.

2. Use the tips below to update the template to add an Amazon EC2 instance with the following Properties:

- ImageId: Refer to AmazonLinuxAMIID, which is the parameter added in the previous step

- InstanceType: t2.micro

- NetworkInterfaces is used for AWS resources that need to connect to the internet, like an EC2 computer. It tells the resource how to connect to the network and has these important settings:

- DeviceIndex becomes more important when you have multiple network connections, because it helps prioritise which network connections are most important. Since we only have one connection going, the value is 0.

- SubnetId is the ID of the subnet to associate with the network interface. Refer to PublicSubnet, which is defined elsewhere in the template

- AssociatePublicIpAddress decides whether the network interface receives a public IP address. The value of this should be true.

- GroupSet contains a list of security group IDs to assign to the network interface. Refer to AppSecurityGroup, which is defined elsewhere in the template.

- Tags: Use this YAML block:

If you feel stuck, here are some tips:

  • Use this documentation page for assistance: AWS::EC2::Instance. Remember we're writing in YAML! Scroll to the bottom of the page for an example on how to include NetworkInterfaces in your code.
  • Your code should go under the Resources: header in the template file.
  • Only add the four Properties listed above, there is no need to include any other properties.
  • The
  • When referring to other resources in the same template, use !Ref — see the VPC example above.

3. Once you have edited the template, update the stack with your revised template file. The steps to updating the template is exactly the same as the previous task.

4. Click the Resources tab.

You should see the created EC2 instance.

If you get stuck in Tasks 2 and 3, download this template YAML file for a completed script.

Here is the code you'll need to add to successfully complete Tasks 2 and 3:

Task 4: Delete the stack

When a CloudFormation stack is deleted, CloudFormation will automatically delete the resources that it created.

In this task, you will:

  • Delete the CloudFormation stack
  • Delete the S3 bucket associated with the stack

Challenge yourself - can you delete the stack and S3 bucket without any guidance?

Optional: Check your VPC console again after deleting your stack - can you still see it?








If you'd like some guidance for deleting the stack, here are the steps:

  1. In the CloudFormation console, select Lab-VPCStack.
  2. Click Delete, then at the prompt, click Delete.
  • The stack will show DELETE_IN_PROGRESS. After a few minutes, the stack will disappear.

3. Verify that the Amazon S3 bucket, Amazon EC2 instance and the VPC have been deleted.

4. Now let's delete your S3 bucket. If you have a bunch of different S3 buckets and can't figure out which one is the one you made for this exercise, the name should be formatted like this:

  • cf-template-<random_number>-<region_code>
  • Select the S3 bucket, and choose Empty to delete the S3 objects.
  • Type permanently delete to confirm the deletion of S3 objects.
  • Now, you can delete the S3 bucket.
  • Select the S3 bucket, and choose Delete.
  • Type the name of your S3 bucket, and choose Delete bucket.

Congratulations! You've completed this hands-on exercise! You have successfully:

  • Deployed an AWS CloudFormation stack with a defined VPC and security group.
  • Configured an AWS CloudFormation stack with resources, such as an S3 bucket and EC2 instance.
  • Deleted an AWS CloudFormation stack and its resources.